restate-workflows

SUSPICIOUS. The skill’s behavior mostly matches its stated purpose as a workflow bridge and it avoids direct Redis/internal-package access, but it relies on a project-specific `joelclaw` binary whose public installation and release provenance is not clearly verifiable from the evidence. The skill also enables real queue/workflow submissions and recommends loading another skill first, raising trust-chain and operational-risk concerns without clear signs of credential theft or overtly malicious behavior.